Should I use mysqli_real_escape string() or mysql_real_escape_string() for form data?

php mysql mysqli mysql-real-escape-string
user1629766 picture user1629766 · Jan 3, 2013 · Viewed 76.8k times · Source

Possible Duplicate:
mysql_escape_string VS mysql_real_escape_string

I need to get company_name (given by user through a form) entered into my mysql database. When I use 

$company = mysqli_real_escape_string($_POST['company_name'])

I get an error

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in     /opt/lampp/htdocs/Abacus-Version-2/admin/Company/insert_company.php on line 58

But everything seems to fine while using

$company = mysql_real_escape_string($_POST['company_name'])

What can I do in such cases?

Answer

Anshu picture Anshu · Jan 3, 2013

The one to use depends on whether you are using the MySQLi extension or the MySQL extension

// procedural mysqli 
$db = new mysqli; 
$sql = sprintf("INSERT INTO table (id,name,email,comment) VALUES (NULL,'%s','%s','%s')", 
   mysqli_real_escape_string($db,$name), 
   mysqli_real_escape_string($db,$email), 
   mysqli_real_escape_string($db,$comment) ); 

// mysql 
$conn = mysql_connect(); 
$sql = sprintf("INSERT INTO table (id,name,email,comment) VALUES (NULL,'%s','%s','%s')", 
   mysql_real_escape_string($name,$conn), 
   mysql_real_escape_string($email,$conn), 
   mysql_real_escape_string($comment,$conn) );

Related questions

mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in

I'm have some trouble checking if a Facebook User_id already exists in my database (if it doesn't it should then accept the user as a new one and else just load the canvas application). I ran it on my …

Read More
How can I enable the MySQLi extension in PHP 7?

I have installed PHP 7 and MySQL 5.5.47 on Ubuntu 14.04 (Trusty Tahr). I have checked installed extension using: sudo apt-cache search php7-* It outputs: php7.0-common - Common files for packages built from the PHP source libapache2-mod-php7.0 - server-side, HTML-embedded …

Read More
CodeIgniter: Unable to connect to your database server using the provided settings Error Message

I have been using CI just fine using the MySQL driver. I want to use the MySQL driver instead, but as soon as I change it (just add the ‘i’ at the end of MySQL, and added the port number) …

Read More